Articles 13 and 14 of Regulation 2016/679/EU
Dear User, in accordance with Articles 13 and 14 of Regulation 2016/679/EU (GDPR), we hereby inform the customer that the personal data provided or in any case acquired by us will be processed in compliance with the regulations in force and the principles of lawfulness, correctness, transparency, data minimisation, accuracy, storage limitation, integrity, confidentiality and accountability.
WHO WE ARE
The Data Controller is Errezetauno Srl, with registered office in Via Chiatamone 53/c - 80121, which, as part of its prerogatives, may use the services of specifically identified managers or appointees. In carrying out its activities, the Company pays the most careful attention to the security and confidentiality of its customers' personal data. The Company is the Data Controller of the personal data collected on this website.
HOW WE COLLECT YOUR PERSONAL DATA
The Company collects and processes personal data in the following circumstances:
Collection of personal data in paper form during Check In;
Data collection via electronic means at Check In;
Data collection via email correspondence;
Collection of personal data via Synxis platform for online booking;
FOR WHICH PURPOSES YOUR PERSONAL DATA CAN BE USED
Personal data, as described above and provided by the customer, are collected and used for the following purposes related and instrumental to the activity of Errezetauno Srl:
1 Contractual purpose [Art. 6, par. 1, lett. b) GDPR]
To enable the performance of the obligations under the contract for the use of the hotel services contained therein.
2 Legal obligations [Art. 6(1)(c) GDPR]
Fulfil the following obligations prescribed by law:
a. public safety obligations provided for in Article 109 of Royal Decree No. 773 of 18 June 1931, as amended, relating to the communication to the Police Headquarters of guests’ personal details;
b. obligations prescribed by law, regulations, Community legislation or an order of the Authority (such as anti-money laundering);
c. administrative, accounting and fiscal obligations. The data acquired for such purposes will be stored for the duration foreseen by the respective regulations;
3 Intended purpose of the services offered [Art. 6(1)(a) GDPR]
Subject to prior free consent, which may be expressed by ticking the respective boxes on the "Consent to processing of personal data" form which can be completed at the time of check-in, the data provided may also be processed for the following purposes: a. to offer attentive and personalised services throughout your stay in our hotel, such as reception of messages and telephone calls addressed to you, delivery of mail and parcels, forwarding telephone calls to your room and booking external services, handling of any special requests relating to your state of health; b. to speed up the registration process in the event of future stays at our facility. Your data will be stored for a maximum period of 24 months.
4 Promotional purposes [Art. 6(1)(a) GDPR]
a. Promotional purposes relating to the advertising of services (so-called Soft Spam) [Art. 6(1)(f) GDPR]
In compliance with art. 130, paragraph 4 of Legislative Decree no. 196/2003 and subsequent amendments and integrations - Errezetauno may use - without the obligation to obtain your prior consent - the contact details provided during the purchase process in order to promote services. Nevertheless, you may at any time object to such further processing when receiving any advertising communication as described above, by using the opt-out mechanism provided in the communication received or by sending an e-mail to firstname.lastname@example.org with the subject line "unsubscribe marketing e-mail".
b. Promotional purposes relating to other services, events, promotions and commercial initiatives [Art. 6(1)(a) GDPR]
Subject to your free consent, which may be expressed by ticking the respective boxes on the form "Consent to personal data processing" which may be submitted at the time of check-in, the data provided may be processed for the purpose of sending commercial communications or advertising material, or for direct sales or market research activities using traditional contact methods - via post or telephone - or automated methods - such as SMS, fax, email or operator-free telephone calls; you may withdraw your consent at any time, even partially, e.g. by accepting traditional contact methods only.
HOW WE KEEP YOUR PERSONAL DATA SAFE
The processing of "common" personal data for each of the above purposes will take place in automated and telematic and/or traditional form (paper media, ordinary mail or non-automated telephone communication), with methods strictly related to the purposes indicated and, in any case, in such a way as to guarantee the security and confidentiality of the data, as well as the possibility for the interested party to consent to only one of the methods of contact (electronic or traditional).
HOW LONG YOUR INFORMATION IS STORED
Personal data will only be stored for the time necessary to fulfil the purposes for which it was collected or for any other related legitimate purpose. Therefore, if personal data is processed for two different purposes, we will retain that data until the purpose with the longer retention period ends, however personal data whose retention period has ended will no longer be processed for that specific purpose. We restrict access to your personal data only to those who need to use it for relevant purposes. Any personal data which is no longer required, or for which there is no longer a legal basis for retention, will be irreversibly anonymized (and can thus be retained) or securely destroyed. Below is a list of storage times in relation to the different purposes listed above: Fulfilment of contractual obligations: data processed to fulfil any contractual obligation may be kept for the entire duration of the contract and in any case no longer than 10 years, in order to verify any outstanding amounts including accounting documents (e.g. invoices). Operational management and strictly related purposes for access to the website: data processed for such purposes may be kept for the entire duration of the contract and in any case for no longer than 10 years. Customer satisfaction survey purposes: data processed for such purpose may be retained from the date upon which the last consent was obtained for such purpose (other than an objection to receive any further communication) until the applicable legislation in force. In the event of a dispute: in the event that we may need to undertake a defence or action or make a claim against you or a third party, we may retain personal data which we reasonably consider necessary to process for such purposes for as long as such claim may be pursued.
WHO PERSONAL DATA MAY BE SHARED WITH
Your personal data may be accessed by:
1) duly authorised employees;
2) duly appointed data processors
YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO FILE COMPLAINTS WITH THE SUPERVISORY AUTHORITY
The party concerned may exercise their rights by e-mail, by writing to the following e-mail address email@example.com or by registered letter addressed to the Company's registered office.
You are entitled to require the Company:
- Access to your personal data (Art. 15 EU Regulation 2016/679), - Amendment (art. 16 EU Regulation 2016/679),
- Deletion (art. 17 EU Regulation 2016/679),
- Limitation (art. 18 EU Regulation 2016/679),
- Portability, understood as the right to obtain from the data controller the data in a structured, commonly used and machine-readable format for transmission to another data controller free of hindrance (Art. 20 EU Regulation 2016/679),
- Objection to processing (Art. 21 EU Regulation 2016/679),
Please note that pursuant to Article 77 of EU Regulation 2016/679, complaints may be filed with the Supervisory Authority in the event of a breach of current legislation regarding the protection of personal data.